Fortinet NSE7_PBC-7.2 Exam Practice Test Instant Access

Question 1

Refer to the exhibit.

What value or values must the administrator use in the SSH Key section to deploy a FortiGate VM using Terraform in Amazon Web Services (AWS)?

AUse the Name and ID values of the key pair

BUse the Name of the key pair

CUse the ID value of the key pair.

DUse the Fingerprint value of the key pair

Answer : B

For deploying a FortiGate VM using Terraform in AWS, the administrator must use:

B . Use the Name of the key pair.

Terraform and AWS SSH Keys: When deploying instances in AWS using Terraform, it is required to specify the name of the SSH key pair to enable key-based authentication to the instance post-deployment.

Configuration Syntax: The variable keyname within the Terraform configuration should match the exact name of the SSH key pair as it is stored in AWS. This ensures that Terraform can reference the correct key during the deployment process to set up SSH access to the FortiGate VM.

Terraform Variables: The variable 'keyname' block in the Terraform configuration will look for the key pair name as it should be declared in the terraform.tfvars file or passed as a variable during execution. This does not require the key pair's ID or fingerprint, just its name.

Question 2

How does Terraform keep track of provisioned resources?

AIt uses the terraform. tf state file

BTerraform does not keep the state of resources created

CIt uses the terraform. tfvars file.

DIt uses the database. tf file.

Answer : A

Terraform manages and tracks the state of infrastructure resources through a file known as terraform.tfstate. This file is automatically created by Terraform and is updated after the application of a Terraform plan to capture the current state of the resources.

State File Purpose: The terraform.tfstate file contains a JSON object that records the IDs and properties of resources Terraform manages, so that it can map real-world resources to your configuration, keep track of metadata, and improve performance for large infrastructures.

State File Management: This file is crucial for Terraform to perform resource updates, deletions, and for creating dependencies. It's essentially the 'source of truth' for Terraform about your managed infrastructure and services.

Question 3

Which statement about immutable infrastructure in automation is true?

AIt is the practice of deploying a new server for every configuration change

BIt is the practice of modifying the existing server configuration after it is deployed

CIt is the practice of deploying two parallel servers for high availability.

DIt is the practice of applying hotfixes and OS patches after deployment

Answer : A

The statement that best describes the concept of immutable infrastructure in the context of automation is:

A . It is the practice of deploying a new server for every configuration change.

Immutable Infrastructure Concept: This approach to infrastructure management involves replacing servers or components entirely rather than making changes to existing configurations once they are deployed. When a change is needed, a new server instance is provisioned with the desired configuration and the old one is decommissioned after the new one is successfully deployed and tested.

Benefits: Immutable infrastructure minimizes the risks associated with in-place updates, such as inconsistencies or failures due to configuration drift. It enhances reliability and predictability by ensuring that the deployed environment matches exactly what was tested in staging. This practice is particularly aligned with modern deployment strategies like blue/green or canary deployments.

Question 4

You are adding a new spoke to the existing transit VPC environment using the AWS Cloud Formation template. Which two components must you use for this deployment? (Choose two.)

AThe OSPF AS value used for the hub.

BThe Amazon CloudWatch tag value.

CThe BGPASN value used for the transit VPC.

DThe tag value of the spoke

Answer : C, D

When using an AWS CloudFormation template to add a new spoke to an existing transit VPC environment, the necessary components are:

The BGPASN value used for the transit VPC (Option C): BGP Autonomous System Number (ASN) is required for setting up BGP routing between the transit VPC and the new spoke. This number uniquely identifies the system in BGP routing and is crucial for correct routing and avoiding routing conflicts.

The tag value of the spoke (Option D): Tags in AWS are used to identify and manage resources. The tag value assigned to a spoke VPC helps in organizing, managing, and locating the VPC within the larger AWS environment. Tags are essential for automation scripts and policies that depend on specific identifiers to apply configurations or rules.

Question 5

Which two Amazon Web Services (AWS) features do you use for the transit virtual private cloud (VPC) automation process to add new spoke N/PCs? (Choose two )

AAmazon S3 bucket

BAWS Security Hub

CAWS Transit Gateway

DAmazon CloudWatch

Answer : A, C

Question 6

You are automating configuration changes on one of the FortiGate VMS using Linux Red Hat Ansible.

How does Linux Red Hat Ansible connect to FortiGate to make the configuration change?

AIt uses a FortiGate internal or external IP address with TCP port 21

BIt uses SSH as a connection method to FortiOS.

CIt uses an API.

DIt uses YAML

Answer : C

Ansible connects to FortiGate using an API, which is a method of communication between different software components.Ansible uses the fortios_* modules to interact with the FortiOS API, which is a RESTful API that allows configuration and monitoring of FortiGate devices12.Ansible can use either HTTP or HTTPS as the transport protocol, and can authenticate with either a username and password or an API token3.

The other options are incorrect because:

Ansible does not use TCP port 21 to connect to FortiGate.Port 21 is typically used for FTP, which is not supported by FortiOS4.

Ansible does not use SSH as a connection method to FortiOS. SSH is a secure shell protocol that allows remote command execution and file transfer, but it is not the preferred way of automating configuration changes on FortiGate devices.

Ansible does not use YAML to connect to FortiGate. YAML is a data serialization language that Ansible uses to write playbooks and inventory files, but it is not a connection method.Reference:

Fortinet.Fortios --- Ansible Documentation

FortiOS REST API Reference

FortiOS Module Guide --- Ansible Documentation

FortiOS 7.0 CLI Reference

[Connection methods and details --- Ansible Documentation]

[YAML Syntax --- Ansible Documentation]

Question 7

Refer to the exhibit

You are tasked to deploy a FortiGate VM with private and public subnets in Amazon Web Services (AWS).

You examined the variables.tf file.

What will be the final result after running the terraform init and terraform apply commands?

ATerraform will not deploy a FortiGate VM

BTerraform will deploy a FortiGate VM in the eu-West-Ia region with private and public subnets.

CTerraform will deploy a FortiGate VM in the eu-West-1a region with two subnets and byol license.

DTerraform will deploy a FortiGate VM in the eu-West-Ia region without any subnets.

Answer : C

The variables.tf file shows that the FortiGate VM will be deployed in the eu-West-Ia region with private and public subnets. The region variable is set to ''eu-west-1'' and the availability_zone variable is set to ''eu-west-1a''. The vpc_id variable is set to ''vpc-0e9d6a6f'' and the subnets variable is set to a list of two subnet IDs: ''subnet-0f9d6a6f'' and ''subnet-1f9d6a6f''. The license_type variable is set to ''on-demand'' and the ami_id variable is set to ''ami-0e9d6a6f''.

Fortinet NSE7_PBC-7.2 Fortinet NSE 7 - Public Cloud Security 7.2 Exam Practice Test